Securityvulns SECURITYVULNS:DOC:22924
Dec 15, 2009 - 12:00 a.m.

Miniweb 2.0 Full Path Disclosure

vulners.com

Name Miniweb 2.0
Vendor http://www.miniweb2.com

Author Salvatore Fresta aka Drosophila
Website http://www.salvatorefresta.net
Contact salvatorefresta [at] gmail [dot] com
Date 2009-12-12

X. INDEX

I. ABOUT THE APPLICATION
II. DESCRIPTION
III. ANALYSIS
IV. SAMPLE CODE
V. FIX

I. ABOUT THE APPLICATION

Miniweb 2.0 is designed for those who want to transform a
brochure site into a dynamic Web 2.0 site that attracts
tons of traffic and sales.

II. DESCRIPTION

Preamble: I don't consider this argument a real security
flaw but it may be useful in some cases.

The value of the module parameter passed to the index.php
page is included using the PHP main function. This could be
the basis of a local file inclusion vulnerability, but in
this case the final NULL byte is properly sanitised.
However, an invalid module name produces a warning message
that contains the full path of the affected page.

III. ANALYSIS

Summary:

A) Full Path Disclosure

A) Full Path Disclosure

Nothing is required in order to "exploit" this
vulnerability.

IV. SAMPLE CODE

http://site/path/index.php?module=foo%00

V. FIX

Use @main() instead of main().
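
An alternative to suppressing the warning, given here as an added example that is not part of the original advisory and is not Miniweb's own code: a front controller that only includes module names found in an allowlist and keeps PHP diagnostics in the server log instead of the HTTP response. The modules/ directory, the allowlist entries and the resolve_module() helper are assumptions made for illustration.

```php
<?php
// Added example: hypothetical front controller, not Miniweb's actual source.
// Assumed layout: modules live in ./modules/<name>.php next to this file.
// Requires PHP 7.1+ (nullable return type).

// Keep PHP diagnostics out of HTTP responses; write them to the server log.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

/**
 * Map a user-supplied module name to a file path, or return null.
 * Only names present in the allowlist are ever turned into a path, so
 * values such as "foo" or "foo\0" never reach include at all.
 */
function resolve_module(string $requested, array $allowed, string $baseDir): ?string
{
    // Strict comparison: no type juggling between strings and numbers.
    if (!in_array($requested, $allowed, true)) {
        return null;
    }
    $path = $baseDir . '/' . $requested . '.php';
    // An allowlisted module whose file is missing is a deployment fault:
    // record it server-side and give the client nothing to learn from.
    if (!is_file($path)) {
        error_log('module file missing: ' . $path);
        return null;
    }
    return $path;
}

// Constructed allowlist; a real site would list its own modules here.
$allowed = ['home', 'news', 'contact'];

// Arrays (?module[]=x) and missing values fall back to the default module.
$requested = isset($_GET['module']) && is_string($_GET['module'])
    ? $_GET['module']
    : 'home';

$path = resolve_module($requested, $allowed, __DIR__ . '/modules');

if ($path === null) {
    // Generic response: no file system path, no PHP warning text.
    http_response_code(404);
    echo 'Page not found';
    exit;
}

include $path;
```

Setting display_errors = Off in php.ini covers warnings raised before any script code runs, which a per-script ini_set() call cannot.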